CVE-2014-8182
First published: Fri May 09 2014(Updated: )
An off-by-one error leading to a crash was discovered in openldap 2.4 when processing DNS SRV messages. If slapd was configured to use the dnssrv backend, an attacker could crash the service with crafted DNS responses.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/openldap | 2.4.57+dfsg-3+deb11u1 2.5.13+dfsg-5 2.5.18+dfsg-2 | |
| Red Hat OpenLDAP Servers | =2.4 | |
| Debian Linux | =8.0 | |
| Debian Linux | =9.0 | |
| Debian Linux | =10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=893821&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=893821&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1095976#c7
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1095976
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1095976#c9
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=733078
- http://www.openldap.org/its/index.cgi/Incoming?id=7027;page=8
- http://www.openldap.org/its/index.cgi/Software%20Enhancements?id=7027
- http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blobdiff;f=libraries/libldap/dnssrv.c;h=de849e30d5b01ae855853c79e88fb06d7aea1137;hp=6d1bfa8e3c2b05ca5ed0ebebc00c3a30086bca95;hb=31995b535e10c45e698b62d39db998c51f799327;hpb=5de85b922aaa5bfa6eb53db6000adf01ebdb0736
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1095976#c19
- http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blobdiff
- http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=eef1ca007f60fdcb9b5368608e87dd0b2404bceb
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1164369
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1095976#c22
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=733435
- https://rhn.redhat.com/errata/RHBA-2015-1292.html
- https://rhn.redhat.com/errata/RHSA-2015-2131.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1095976
- https://access.redhat.com/security/cve/cve-2014-8182
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8182
- https://bugzilla.suse.com/show_bug.cgi?id=CVE-2014-8182
- https://security-tracker.debian.org/tracker/CVE-2014-8182
- https://bugzilla.redhat.com/show_bug.cgi?id=1095976#c26
Frequently Asked Questions
What is the severity of CVE-2014-8182?
CVE-2014-8182 has a medium severity rating due to its potential to crash the OpenLDAP server.
How can I fix CVE-2014-8182?
To fix CVE-2014-8182, update OpenLDAP to versions 2.4.57+dfsg-3+deb11u1, 2.5.13+dfsg-5, or 2.5.18+dfsg-2.
What systems are affected by CVE-2014-8182?
CVE-2014-8182 affects OpenLDAP versions 2.4 and specific Debian Linux distributions, including versions 8.0, 9.0, and 10.0.
What type of vulnerability is CVE-2014-8182?
CVE-2014-8182 is an off-by-one error that can lead to a service crash when processing DNS SRV messages.
What could an attacker do using CVE-2014-8182?
An attacker could exploit CVE-2014-8182 to send crafted DNS responses that cause the OpenLDAP service to crash.
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- agent/severity
- agent/remedy
- agent/weakness
- agent/references
- agent/last-modified-date
- agent/author
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2014-8182
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/debian
- vendor/openldap
- canonical/red hat openldap servers
- version/red hat openldap servers/2.4
- vendor/debian
- canonical/debian linux
- version/debian linux/8.0
- version/debian linux/9.0
- version/debian linux/10.0